------------------------------------------------------------
revno: 655
committer: Matthias Klose <d...@ubuntu.com>
branch nick: openjdk8
timestamp: Thu 2015-10-22 14:01:37 +0200
message:
openjdk-8 (8u66-b17-1) unstable; urgency=high
* Update to 8u66-b01.
* Security fixes:
- S8048030, CVE-2015-4734: Expectations should be consistent
- S8068842, CVE-2015-4803: Better JAXP data handling
- S8076339, CVE-2015-4903: Better handling of remote object invocation
- S8076383, CVE-2015-4835: Better CORBA exception handling
- S8076387, CVE-2015-4882: Better CORBA value handling
- S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
- S8076413, CVE-2015-4883: Better JRMP message handling
- S8078427, CVE-2015-4842: More supportive home environment
- S8078440: Safer managed types
- S8080541: More direct property handling
- S8080688, CVE-2015-4860: Service for DGC services
- S8081744, CVE-2015-4868: Clear out list corner case
- S8081760: Better group dynamics
- S8086092. CVE-2015-4840: More palette improvements
- S8086733, CVE-2015-4893: Improve namespace handling
- S8087350: Improve array conversions
- S8103671, CVE-2015-4805: More objective stream classes
- S8103675: Better Binary searches
- S8129611: Accessbridge error handling improvement
- S8130078, CVE-2015-4911: Document better processing
- S8130185: More accessible access switch
- S8130193, CVE-2015-4806: Improve HTTP connections
- S8130864: Better server identity handling
- S8130891, CVE-2015-4843: (bf) More direct buffering
- S8131291, CVE-2015-4872: Perfect parameter patterning
- S8132042, CVE-2015-4844: Preserve layout presentation
* Strip packages again, Debian infrastruction is fixed. Closes: #775760.
-- Matthias Klose <d...@ubuntu.com> Wed, 21 Oct 2015 22:48:28 +0200
removed:
debian/patches/make4-compatibility.diff
modified:
corba.tar.xz
debian/changelog
debian/patches/kfreebsd-support-jdk.diff
debian/rules
hotspot-aarch64.tar.xz
hotspot.tar.xz
jaxp.tar.xz
jaxws.tar.xz
jdk.tar.xz
langtools.tar.xz
nashorn.tar.xz
root.tar.xz
--
lp:~openjdk/openjdk/openjdk8
https://code.launchpad.net/~openjdk/openjdk/openjdk8
Your team Debian Java Maintainers is subscribed to branch
lp:~openjdk/openjdk/openjdk8.
To unsubscribe from this branch go to
https://code.launchpad.net/~openjdk/openjdk/openjdk8/+edit-subscription
=== modified file 'corba.tar.xz'
Binary files corba.tar.xz 2015-07-27 15:41:37 +0000 and corba.tar.xz 2015-10-22 12:01:37 +0000 differ
=== modified file 'debian/changelog'
--- debian/changelog 2015-10-19 13:33:45 +0000
+++ debian/changelog 2015-10-22 12:01:37 +0000
@@ -1,8 +1,36 @@
-openjdk-8 (8u66-b01-7) UNRELEASED; urgency=medium
+openjdk-8 (8u66-b17-1) unstable; urgency=high
+ * Update to 8u66-b01.
+ * Security fixes:
+ - S8048030, CVE-2015-4734: Expectations should be consistent
+ - S8068842, CVE-2015-4803: Better JAXP data handling
+ - S8076339, CVE-2015-4903: Better handling of remote object invocation
+ - S8076383, CVE-2015-4835: Better CORBA exception handling
+ - S8076387, CVE-2015-4882: Better CORBA value handling
+ - S8076392, CVE-2015-4881: Improve IIOPInputStream consistency
+ - S8076413, CVE-2015-4883: Better JRMP message handling
+ - S8078427, CVE-2015-4842: More supportive home environment
+ - S8078440: Safer managed types
+ - S8080541: More direct property handling
+ - S8080688, CVE-2015-4860: Service for DGC services
+ - S8081744, CVE-2015-4868: Clear out list corner case
+ - S8081760: Better group dynamics
+ - S8086092. CVE-2015-4840: More palette improvements
+ - S8086733, CVE-2015-4893: Improve namespace handling
+ - S8087350: Improve array conversions
+ - S8103671, CVE-2015-4805: More objective stream classes
+ - S8103675: Better Binary searches
+ - S8129611: Accessbridge error handling improvement
+ - S8130078, CVE-2015-4911: Document better processing
+ - S8130185: More accessible access switch
+ - S8130193, CVE-2015-4806: Improve HTTP connections
+ - S8130864: Better server identity handling
+ - S8130891, CVE-2015-4843: (bf) More direct buffering
+ - S8131291, CVE-2015-4872: Perfect parameter patterning
+ - S8132042, CVE-2015-4844: Preserve layout presentation
* Strip packages again, Debian infrastruction is fixed. Closes: #775760.
- -- Matthias Klose <d...@ubuntu.com> Mon, 19 Oct 2015 15:31:42 +0200
+ -- Matthias Klose <d...@ubuntu.com> Wed, 21 Oct 2015 22:48:28 +0200
openjdk-8 (8u66-b01-6) unstable; urgency=medium
=== modified file 'debian/patches/kfreebsd-support-jdk.diff'
--- debian/patches/kfreebsd-support-jdk.diff 2015-10-15 13:48:30 +0000
+++ debian/patches/kfreebsd-support-jdk.diff 2015-10-22 12:01:37 +0000
@@ -4282,6 +4282,8 @@
#define pread64 pread
#define pwrite64 pwrite
+Index: b/jdk/make/lib/Awt2dLibraries.gmk
+===================================================================
--- a/jdk/make/lib/Awt2dLibraries.gmk
+++ b/jdk/make/lib/Awt2dLibraries.gmk
@@ -309,7 +309,7 @@ LIBAWT_FILES := \
@@ -4302,16 +4304,25 @@
LDFLAGS_SUFFIX_solaris := -ljvm $(LIBM) $(LIBDL) -ljava -lc, \
LDFLAGS_SUFFIX_aix :=-ljvm $(LIBM) $(LIBDL) -ljava -lm,\
LDFLAGS_SUFFIX_macosx := -lmlib_image -ljvm $(LIBM) \
-@@ -991,7 +991,7 @@ else # OPENJDK_TARGET_OS not windows
- LDFLAGS := $(LDFLAGS_JDKLIB) \
- $(call SET_SHARED_LIBRARY_ORIGIN), \
- LDFLAGS_solaris := -L$(OPENWIN_HOME)/sfw/lib$(OPENJDK_TARGET_CPU_ISADIR) -L$(OPENWIN_LIB)$(OPENJDK_TARGET_CPU_ISADIR), \
-- LDFLAGS_SUFFIX_linux := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX), \
-+ LDFLAGS_SUFFIX_bsd := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX), \
- LDFLAGS_SUFFIX_aix := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX),\
- LDFLAGS_SUFFIX_solaris := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX) -lXrender, \
- LDFLAGS_SUFFIX_macosx := -Xlinker -rpath -Xlinker @loader_path $(JAWT_LIBS) \
-@@ -1180,13 +1180,13 @@ ifeq ($(BUILD_HEADLESS), true)
+@@ -637,7 +637,7 @@ ifeq ($(findstring $(OPENJDK_TARGET_OS),
+ MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libawt_xawt/mapfile-vers, \
+ LDFLAGS := $(LDFLAGS_JDKLIB) \
+ $(X_LIBS) $(LIBAWT_XAWT_LDFLAGS), \
+- LDFLAGS_linux := $(call SET_SHARED_LIBRARY_ORIGIN) \
++ LDFLAGS_bsd := $(call SET_SHARED_LIBRARY_ORIGIN) \
+ $(call SET_SHARED_LIBRARY_ORIGIN,/..), \
+ LDFLAGS_solaris := -L$(OPENWIN_HOME)/sfw/lib$(OPENJDK_TARGET_CPU_ISADIR) \
+ -L$(OPENWIN_LIB)$(OPENJDK_TARGET_CPU_ISADIR) \
+@@ -686,7 +686,7 @@ $(eval $(call SetupNativeCompilation,BUI
+ LDFLAGS_windows := $(WIN_AWT_LIB) $(WIN_JAVA_LIB), \
+ LDFLAGS_SUFFIX_solaris := -lawt -ljava -ljvm -lc, \
+ LDFLAGS_SUFFIX_macosx := $(LIBM) -lawt -ljava -ljvm, \
+- LDFLAGS_SUFFIX_linux := -lm -lawt -ljava -ljvm -llcms2, \
++ LDFLAGS_SUFFIX_bsd := -lm -lawt -ljava -ljvm -llcms2, \
+ LDFLAGS_SUFFIX_aix := -lm -lawt -ljava -ljvm,\
+ VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \
+ RC_FLAGS := $(RC_FLAGS) \
+@@ -853,13 +853,13 @@ ifeq ($(BUILD_HEADLESS), true)
MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libawt_headless/mapfile-vers, \
LDFLAGS := $(LDFLAGS_JDKLIB) \
$(call SET_SHARED_LIBRARY_ORIGIN), \
@@ -4327,6 +4338,33 @@
LDFLAGS_SUFFIX_aix := -ljvm -lawt -ljava,\
LDFLAGS_SUFFIX_solaris := $(LIBDL) -ljvm -lawt -lm -ljava $(LIBCXX) -lc, \
OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libawt_headless, \
+@@ -936,7 +936,7 @@ $(eval $(call SetupNativeCompilation,BUI
+ LDFLAGS := $(subst -Xlinker -z -Xlinker defs,,$(LDFLAGS_JDKLIB)) $(LDFLAGS_CXX_JDK) \
+ $(call SET_SHARED_LIBRARY_ORIGIN), \
+ LDFLAGS_SUFFIX := $(BUILD_LIBFONTMANAGER_FONTLIB), \
+- LDFLAGS_SUFFIX_linux := -lawt $(LIBM) $(LIBCXX) -ljava -ljvm -lc, \
++ LDFLAGS_SUFFIX_bsd := -lawt $(LIBM) $(LIBCXX) -ljava -ljvm -lc, \
+ LDFLAGS_SUFFIX_solaris := -lawt -lawt_headless -lc $(LIBM) $(LIBCXX) -ljava -ljvm, \
+ LDFLAGS_SUFFIX_aix := -lawt -lawt_headless $(LIBM) $(LIBCXX) -ljava -ljvm,\
+ LDFLAGS_SUFFIX_macosx := -lawt $(LIBM) $(LIBCXX) -undefined dynamic_lookup \
+@@ -1087,7 +1087,7 @@ else # OPENJDK_TARGET_OS not windows
+ LDFLAGS := $(LDFLAGS_JDKLIB) \
+ $(call SET_SHARED_LIBRARY_ORIGIN), \
+ LDFLAGS_solaris := -L$(OPENWIN_HOME)/sfw/lib$(OPENJDK_TARGET_CPU_ISADIR) -L$(OPENWIN_LIB)$(OPENJDK_TARGET_CPU_ISADIR), \
+- LDFLAGS_SUFFIX_linux := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX), \
++ LDFLAGS_SUFFIX_bsd := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX), \
+ LDFLAGS_SUFFIX_aix := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX),\
+ LDFLAGS_SUFFIX_solaris := $(JAWT_LIBS) $(LDFLAGS_JDKLIB_SUFFIX) -lXrender, \
+ LDFLAGS_SUFFIX_macosx := -Xlinker -rpath -Xlinker @loader_path $(JAWT_LIBS) \
+@@ -1143,7 +1143,7 @@ ifndef OPENJDK
+ MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libkcms/mapfile-vers, \
+ LDFLAGS := $(LDFLAGS_JDKLIB) \
+ $(call SET_SHARED_LIBRARY_ORIGIN), \
+- LDFLAGS_SUFFIX_linux := -lc -lpthread, \
++ LDFLAGS_SUFFIX_bsd := -lc -lpthread, \
+ LDFLAGS_SUFFIX_solaris := -lc, \
+ LDFLAGS_SUFFIX_windows := $(WIN_JAVA_LIB) advapi32.lib user32.lib version.lib, \
+ LDFLAGS_SUFFIX_posix := -lm -ljava -ljvm, \
--- /dev/null
+++ b/jdk/src/share/lib/security/java.security-bsd
@@ -0,0 +1,569 @@
=== removed file 'debian/patches/make4-compatibility.diff'
--- debian/patches/make4-compatibility.diff 2015-01-16 14:21:04 +0000
+++ debian/patches/make4-compatibility.diff 1970-01-01 00:00:00 +0000
@@ -1,40 +0,0 @@
-# DP: Fix hotspot build system for GNU make 4.0.
-
-Description: Fixes a bug in adjust-mflags.sh that breaks the hotspot build
- with GNU make 4.0. The adjust-mflags.sh script attempts to replace
- the -j parameter but it corrupts other parameters containing the character 'j'.
- make 4.0 is more strict and returns an error in this case.
-
- For example:
-
- -I/home/ebourg/openjdk8/make/common
-
- is transformed into:
-
- -I/home/ebourg/open -j2 -dk8/make/common
-
- This error is caused by this sed expression:
-
- s/ -\([^ ][^ ]*\)j/ -\1 -j/
-
- This expression splits a set of concatenated options containing the 'j' character:
-
- -abcdefghijkl --> -abcdefghi -jkl
-
- But it breaks the -I parameter which is followed by a path that may contain 'j'
- (and this is often true when building open*j*dk)
-
- The fix consists in ignoring the concatenated options if '/' is found.
-Author: Emmanuel Bourg <ebo...@apache.org>
-Bug: https://bugs.openjdk.java.net/browse/JDK-8028407
---- a/hotspot/make/linux/makefiles/adjust-mflags.sh
-+++ b/hotspot/make/linux/makefiles/adjust-mflags.sh
-@@ -64,7 +64,7 @@
- echo "$MFLAGS" \
- | sed '
- s/^-/ -/
-- s/ -\([^ I][^ I]*\)j/ -\1 -j/
-+ s/ -\([^ I][^/ I]*\)j/ -\1 -j/
- s/ -j[0-9][0-9]*/ -j/
- s/ -j\([^ ]\)/ -j -\1/
- s/ -j/ -j'${HOTSPOT_BUILD_JOBS:-${default_build_jobs}}'/
=== modified file 'debian/rules'
--- debian/rules 2015-10-19 13:33:45 +0000
+++ debian/rules 2015-10-22 12:01:37 +0000
@@ -375,7 +375,6 @@
COMMON_PATCHES = \
autoconf-select.diff \
hotspot-warn-no-errformat.diff \
- make4-compatibility.diff \
aarch64.diff \
hotspot-set-compiler.diff \
ppc64el.diff \
@@ -1668,6 +1667,10 @@
$(d)/$(basedir)/jre/lib/$(archdir)/.
endif
+ifneq (,$(filter $(DEB_HOST_ARCH), kfreebsd-amd64 kfreebsd-i386))
+ cp -a $(d)/$(basedir)/include/bsd $(d)/$(basedir)/include/linux
+endif
+
chmod -R u+w $(d)
: # use javaws from icedtea-netx
@@ -2281,7 +2284,7 @@
is_release =
is_release = yes
hg_project = jdk8u
-hg_tag = jdk8u66-b01
+hg_tag = jdk8u66-b17
package_version = $(subst jdk,,$(hg_tag))
ifneq ($(is_release),yes)
package_version := $(subst -,~,$(package_version))
=== modified file 'hotspot-aarch64.tar.xz'
Binary files hotspot-aarch64.tar.xz 2015-07-27 15:41:37 +0000 and hotspot-aarch64.tar.xz 2015-10-22 12:01:37 +0000 differ
=== modified file 'hotspot.tar.xz'
Binary files hotspot.tar.xz 2015-07-27 15:41:37 +0000 and hotspot.tar.xz 2015-10-22 12:01:37 +0000 differ
=== modified file 'jaxp.tar.xz'
Binary files jaxp.tar.xz 2015-07-27 15:41:37 +0000 and jaxp.tar.xz 2015-10-22 12:01:37 +0000 differ
=== modified file 'jaxws.tar.xz'
Binary files jaxws.tar.xz 2015-07-27 15:41:37 +0000 and jaxws.tar.xz 2015-10-22 12:01:37 +0000 differ
=== modified file 'jdk.tar.xz'
Binary files jdk.tar.xz 2015-07-27 15:41:37 +0000 and jdk.tar.xz 2015-10-22 12:01:37 +0000 differ
=== modified file 'langtools.tar.xz'
Binary files langtools.tar.xz 2015-07-27 15:41:37 +0000 and langtools.tar.xz 2015-10-22 12:01:37 +0000 differ
=== modified file 'nashorn.tar.xz'
Binary files nashorn.tar.xz 2015-07-27 15:41:37 +0000 and nashorn.tar.xz 2015-10-22 12:01:37 +0000 differ
=== modified file 'root.tar.xz'
Binary files root.tar.xz 2015-07-27 15:41:37 +0000 and root.tar.xz 2015-10-22 12:01:37 +0000 differ
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
debian-j...@lists.debian.org for discussions and questions.
